Shielding Cryptocurrencies: Turning Any Cryptocurrency Into a Privacy Coin (Republication) [Part 2]

Shielding Cryptocurrencies: Turning Any Cryptocurrency Into a Privacy Coin (Republication) [Part 2]

By abduraman | abduraman | 8 Mar 2020

Shielding is the process of turning cryptocurrencies on other cryptonetworks (or “public coins”) into privacy coins on Incognito.

Privacy coins

Through Incognito, a public coin can be shielded to obtain its privacy coin counterpart of the same value. For example, BTC can be shielded to obtain the privacy coin pBTC. pBTC has the same value as BTC, so 1 pBTC can always be redeemed for 1 BTC and vice versa.

Once shielded, privacy coin transactions are confidential and untraceable. A privacy coin enjoys the best of both worlds. It retains the value of its original counterpart and can be transacted confidentially on the Incognito network.


Table 1. The most popular privacy coins on the Incognito network from November 2019 to January 2020.


Incognito has based the shielding mechanism on the experience of building its first-generation trustless bridge, between Incognito and Ethereum [Incognito, 2018]. In particular, Incognito generalizes the bridge to enable a wider range of cryptonetworks to be interoperable with Incognito.

Current blockchain interoperability solutions mostly involve building ad-hoc bridges. BTC Relay [BTC Relay, 2019], WBTC [WBTC, 2019], and TBTC [TBTC, 2019] build ad hoc bridges between Bitcoin and Ethereum, while Kyber Network builds Waterloo [Baneth, 2019], an ad hoc bridge between Ethereum and EOS. For Incognito, doing it ad hoc – one bridge for every cryptonetwork – is not a scalable option.

Incognito takes a different approach: build once, work with any cryptonetwork. The shielding mechanism operates via a general bridge design that connects Incognito to any number of cryptonetworks, allowing for secure bi-directional transfers of cryptocurrencies whenever privacy is needed. This means any coin can now be a privacy coin. This approach is especially helpful for creating interoperability with cryptonetworks that do not support smart contracts, like Bitcoin and Binance Chain.

To obtain privacy coins, the user first submits a shielding request to the Bond smart contract with information about which public coins they want to shield and the amount. The Bond smart contract selects trustless custodians [Incognito, 2019] for the public coins and provides the user the custodians’ deposit addresses. Once the deposit is confirmed on the cryptonetwork of the public coins, the user initiates a shielding transaction on Incognito along with the deposit proof. A deposit proof on a cryptonetwork is often a Merkle branch linking the deposit transaction to the block it is time-stamped in, proving that the deposit transaction has been accepted by that cryptonetwork.



Figure 1. SPV in Bitcoin [Nakamoto, 2008]. Other cryptonetworks employ similar SPV methods. Note that while Incognito has a general bi-directional bridge with other cryptonetworks, it still needs the specific SPV logic for each cryptonetwork, including relaying block headers from those cryptonetworks to Incognito and performing SPV on deposit proofs.

Incognito validators verify the shielding transaction and the deposit proof inside it in particular by using Simplified Payment Verification [Nakamoto, 2008]. Most cryptonetworks support Simplified Payment Verification with a few small differences in the underlying data structures. For example, Bitcoin and Binance implement Merkle Tree [Merkle, 1980] while Ethereum implements a modified Merkle Patricia Tree [Wood, 2014].

Once the deposit proof is verified, new privacy coins are minted at a 1:1 ratio.


Figure 2. Shielding BTC and minting pBTC. Other public coins follow the same shielding process. Note that step 5 is simplified to make it simple for readers to follow the main logic: the proof of deposit is not generated by the custodian, but by the miners of underlying cryptonetwork.


Unshielding is the reverse process of shielding: turning privacy coins back into public coins.

The user initiates an unshielding transaction on Incognito with information about which privacy coins they want to unshield and the amount.

Incognito validators verify the unshield transaction, burn the privacy coins, and issue a burn proof. A burn proof on Incognito is a cryptographic proof. When signed by more than ⅔ of Incognito validators, it proves that the privacy coins have been burned on the Incognito network.

The user then submits the burn proof to the Bond smart contract, which verifies the burn proof and instructs a custodian to release the public coins that back those privacy coins at a 1:1 ratio.

Once the release is confirmed on its respective cryptonetwork, the custodian submits the release proof to the Bond smart contract. Similar to the deposit proof, a release proof is a Merkle branch linking the release transaction to the block it is time-stamped in, proving that the release transaction has been accepted by that cryptonetwork.

After verifying the released proof, the Bond smart contract frees up the custodian’s collateral; custodians can withdraw their collateral or start taking new user deposits.


Figure 3. Unshielding pBTC and releasing BTC. Other public coins follow the same unshielding process.



  1. Introduction: A Platform of Decentralized Privacy Coins

  2. Shielding Cryptocurrencies: Turning Any Cryptocurrency Into a Privacy Coin

  3. Trustless Custodians: A Decentralized Approach to Cryptocurrency Custodianship

  4. Sending Cryptocurrencies Confidentially: Ring Signature, Homomorphic Commitment, and Zero-Knowledge Range Proofs

  5. Privacy at Scale with Sharding

  6. Consensus: A Combination of PoS, pBFT, and BLS

  7. Incognito Software Stack: Navigating the Incognito Source Code

  8. Incognito Performance

  9. Network Incentive: Privacy (PRV)

  10. User-Created Privacy Coins

  11. Use Cases: Privacy Stablecoins, Privacy DEX, Confidential Crypto Payroll, and more

  12. Future Work: Smart Contracts, Confidential Assets, Confidential IP, and more

  13. Conclusions, Acknowledgments, and References


* This article is published upon permission of Incognito team. I thank them for their permission.

How do you rate this article?




Everything about Crypto World

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.